Asus 86u running merlin not routing

Mikeyg76

Occasional Visitor
Good afternoon,

I am having the following issue. On my old ASUS 68U running Merlin I was able to add as many clients as I wanted to my VPN redirect list, but on my new ASUS 86U only 6 clients can be routed on the VPN, even though I have more than that listed to go through the WAN. I have around 10 IPs I would like to not hit my VPN, but for some reason only 6 will be excluded. Also, I am running 384.7_2. Thanks.

Nov 24 14:18:32 openvpn-updown: Forcing 192.168.50.0/24 to use DNS server 10.18.252.1
Nov 24 14:18:32 openvpn-updown: Excluding 192.168.50.76 from forced DNS routing
Nov 24 14:18:32 openvpn-updown: Excluding 192.168.50.10 from forced DNS routing
Nov 24 14:18:32 openvpn-updown: Excluding 192.168.50.157 from forced DNS routing
Nov 24 14:18:32 openvpn-updown: Excluding 192.168.50.129 from forced DNS routing
Nov 24 14:18:32 openvpn-updown: Excluding 192.168.50.184 from forced DNS routing
Nov 24 14:18:32 openvpn-updown: Excluding 192.168.50.20 from forced DNS routing
Nov 24 14:18:32 rc_service: service 12754:notify_rc updateresolv
Nov 24 14:18:37 ovpn-client2[12597]: /bin/ip route add 46.21.151.106/32 via 47.208.228.1
Nov 24 14:18:37 ovpn-client2[12597]: /bin/ip route add 0.0.0.0/1 via 10.18.252.1
Nov 24 14:18:37 ovpn-client2[12597]: /bin/ip route add 128.0.0.0/1 via 10.18.252.1
Nov 24 14:18:37 openvpn-routing: Configuring policy rules for client 2
Nov 24 14:18:37 ovpn-client2[12597]: Initialization Sequence Completed
 
Is there a command I can put in to allow more time for the router to pick up the remaining IPs to be routed?
 
Are you using policy-based routing as an option under the VPN client?

With policy-based routing the default bypasses the VPN (WAN), so you only need to list the IPs of the devices you want to route through the VPN client.

However, personally I like to list all IPs so I know positively which devices are going WAN and which are using the VPN. I have twelve devices in my list.

Also, FYI, I am running Merlin 7.2 on an AC1900P and it says the list under policy routing is limited to 100 devices/IPs.
 
Check the name you entered for the 7th client and make sure it doesn't contain any special or double-byte characters.
 
Also, please post the output of

nvram show | grep vpn_client2_clientlist
 

Hi, thanks for the reply. Yes, I am using policy-based routing; I have tried both policy rules and policy rules (strict). I had up to ten listed on my old router and everything was fine; it's just strange that it stops at the sixth one.

I have always listed the IPs I want the VPN to ignore, but I guess for now I will list the IPs to route through the VPN.
 
vpn_client1_clientlist=<LAN>192.168.50.0/24>0.0.0.0>VPN<FAMILY-PC>192.168.50.165>0.0.0.0>WAN<XBOXONES>192.168.50.10>0.0.0.0>WAN<iPhone6s>192.168.50.154>0.0.0.0>WAN<iPhone>192.168.50.184>0.0.0.0>WAN<XBOXONE X>192.168.50.76>0.0.0.0>WAN<iPad>192.168.50.20>0.0.0.
vpn_client1_clientlist1=0>WAN<Echo Kitchen>192.168.50.157>0.0.0.0>WAN<Echo Familyroom>192.168.50.129>0.0.0.0>WAN

Everything is listed under that, but the system log still shows only 6, and the two that are not listed are still behind the VPN (I checked the IPs; they show my true IP), which is not what I want. I moved everything to client 1 to see if it would work there and still get the same error.

Nov 25 12:36:14 openvpn-updown: Forcing 192.168.50.0/24 to use DNS server 10.26.124.1
Nov 25 12:36:14 openvpn-updown: Excluding 192.168.50.165 from forced DNS routing
Nov 25 12:36:14 openvpn-updown: Excluding 192.168.50.10 from forced DNS routing
Nov 25 12:36:14 openvpn-updown: Excluding 192.168.50.154 from forced DNS routing
Nov 25 12:36:14 openvpn-updown: Excluding 192.168.50.184 from forced DNS routing
Nov 25 12:36:15 openvpn-updown: Excluding 192.168.50.76 from forced DNS routing
Nov 25 12:36:15 openvpn-updown: Excluding 192.168.50.20 from forced DNS routing
Nov 25 12:36:15 rc_service: service 5661:notify_rc updateresolv
Nov 25 12:36:21 ovpn-client1[5509]: /bin/ip route add 94.100.23.162/32 via 47.208.228.1
Nov 25 12:36:21 ovpn-client1[5509]: /bin/ip route add 0.0.0.0/1 via 10.26.124.1
Nov 25 12:36:21 ovpn-client1[5509]: /bin/ip route add 128.0.0.0/1 via 10.26.124.1
Nov 25 12:36:21 openvpn-routing: Configuring policy rules for client 1
Nov 25 12:36:21 ovpn-client1[5509]: Initialization Sequence Completed
Nov 25 12:37:51 dropbear[5946]: Password auth succeeded for 'asus' from 192.168.50.21:54952

Here is how it is listed on my list:

LAN 192.168.50.0/24 0.0.0.0 VPN
FAMILY-PC 192.168.50.165 0.0.0.0 WAN
XBOXONES 192.168.50.10 0.0.0.0 WAN
iPhone6s 192.168.50.154 0.0.0.0 WAN
iPhone 192.168.50.184 0.0.0.0 WAN
XBOXONE X 192.168.50.76 0.0.0.0 WAN
iPad 192.168.50.20 0.0.0.0 WAN
EchoKitchen 192.168.50.157 0.0.0.0 WAN
EchoFamilyroom 192.168.50.129 0.0.0.0 WAN
 
Also, here are my custom commands:

resolv-retry infinite
auth-nocache
route-delay 5
explicit-exit-notify 5
remote-cert-tls server
 
Alright, so I did a test and added another iPhone to the excluded list. Even though it does not show up in my system log, I can confirm that it shows my true IP, but it still shows the VPN's DNS. For the first 6 on the list, nothing shows but my true information, allowing those 6 to access the sites I want them to; for the rest, they show my true IP but the VPN's DNS, which means I am not able to visit the sites I want, which tells me that there is an issue.
 
I think this is something @RMerlin is going to need to check. Because of a limitation in the HND SDK, he needed to break the VPN clientlist defs into 255-byte chunks. It looks like it's stopping at the first chunk, 'clientlist', and not reading 'clientlist1' (the part that overflowed to the next chunk for the 6th entry would be defaulted instead of being what you intended).
 
Are you using the firmware's vpnrouting.sh script, or a customized one? The firmware's built-in script should properly append all entries.

https://github.com/RMerl/asuswrt-merlin.ng/blob/master/release/src/router/others/vpnrouting.sh#L114

I just tested it with a bunch of entries split across two variables, all clients are there:

Code:
admin@stargate88ax:/tmp/home/root# ip rule
0:    from all lookup local
10501:    from 192.168.10.105 lookup ovpnc3
10502:    from 192.168.10.80 lookup ovpnc3
10503:    from 192.168.10.81 lookup ovpnc3
10504:    from 192.168.10.82 lookup ovpnc3
10505:    from 192.168.10.83 lookup ovpnc3
10506:    from 192.168.10.85 lookup ovpnc3
10507:    from 192.168.10.86 lookup ovpnc3
10508:    from 192.168.10.87 lookup ovpnc3
10509:    from 192.168.10.88 lookup ovpnc3
10510:    from 192.168.10.89 lookup ovpnc3
32766:    from all lookup main
32767:    from all lookup default
 
@Mikeyg76
Are you using any of @Martineau 's script packages? I think he may package a customized vpnrouting with some of them.

I don't distribute vpnrouting.sh, but I do post code snippets to show how I have made useful tweaks
e.g. Streamline ugly code etc.
Code:
# Fragment of a tweaked vpnrouting.sh; Sort and run_custom_script are defined
# elsewhere in the full script. OpenVPN sets $dev to the tunnel interface:
# tun11..tun15 for the VPN clients, tun21/tun22 for the servers.
VPN_UNIT=${dev:4:1}

if [ "${dev:0:4}" == "tun1" ];then
    # nvram stores a long client list as clientlist, clientlist1 ... clientlist5;
    # every chunk has to be joined before parsing or the later entries are lost.
    VPN_IP_LIST=$(nvram get vpn_client${VPN_UNIT}_clientlist)$(nvram get vpn_client${VPN_UNIT}_clientlist1)$(nvram get vpn_client${VPN_UNIT}_clientlist2)$(nvram get vpn_client${VPN_UNIT}_clientlist3)$(nvram get vpn_client${VPN_UNIT}_clientlist4)$(nvram get vpn_client${VPN_UNIT}_clientlist5)
    ########################################################################################## Martineau Hack 8 of 13
    #   Selective routing entries are limited to 99 VPN rules regardless if there is 1 or 99 WAN rules!
    #   Sort the rules into WAN,VPN order then simply set the base VPN PRIO to the number of WAN entries + 1
    #   Now we can have up to 199!! 
    VPN_IP_LIST=$(Sort "$VPN_IP_LIST")
    VPN_REDIR=$(nvram get vpn_client${VPN_UNIT}_rgw)       # 0 = no, 1 = all traffic, 2 = policy rules, 3 = policy rules (strict)
    VPN_FORCE=$(nvram get vpn_client${VPN_UNIT}_enforce)   # block routed clients if the tunnel goes down
    VPN_LOGGING=$(nvram get vpn_client${VPN_UNIT}_verb)
else
    # Assume OpenVPN Server 'tun21' or 'tun22'
    run_custom_script
    exit 0
fi
I suggest that the OP uses the setting in the attached screenshot (upload_2018-11-26_9-49-7.png) to see if Syslog highlights additional info; otherwise the OP will need to provide a debug trace.
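The chunk-reassembly point raised in the two posts above (the HND SDK's 255-byte nvram split, and the six `nvram get ... clientlist*` calls joined in the snippet) is easy to get wrong in a customized script, so here is an added example that is not part of the thread, of the firmware's vpnrouting.sh or of Martineau's package. It is a small /bin/sh script that joins vpn_clientN_clientlist through clientlist5, parses the `<name>src>dst>iface` records and prints the `ip rule` commands a routing script would issue. Its input is a constructed stand-in for `nvram get`, copied from the OP's client 1 dump (the break after `0.0.0.` is where the OP's dump splits); the priority layout (WAN exceptions from 10001 and VPN rules from 10101 for unit 1, 200 apart per unit) is an assumption chosen to line up with the ovpnc3 rules at 10501 and up shown earlier, not a value taken from vpnrouting.sh. Run off the router it shows seven records in the first chunk (the LAN entry plus six hosts, the last one truncated) against nine once all chunks are joined; on the router it calls the real nvram binary instead.

```shell
#!/bin/sh
# Added example, not the firmware's vpnrouting.sh and not Martineau's code:
# rebuild a policy-routing client list that nvram stores as 255-byte chunks
# and show what a parser that reads only the first chunk loses.

# Constructed stand-in for `nvram get`, mirroring the OP's dump of client 1.
# Chunk 0 ends mid-entry ("...>0.0.0.") and chunk 1 carries the rest ("0>WAN<...").
fake_nvram_get() {
    case "$1" in
        vpn_client1_clientlist)
            printf '%s' '<LAN>192.168.50.0/24>0.0.0.0>VPN<FAMILY-PC>192.168.50.165>0.0.0.0>WAN<XBOXONES>192.168.50.10>0.0.0.0>WAN<iPhone6s>192.168.50.154>0.0.0.0>WAN<iPhone>192.168.50.184>0.0.0.0>WAN<XBOXONE X>192.168.50.76>0.0.0.0>WAN<iPad>192.168.50.20>0.0.0.' ;;
        vpn_client1_clientlist1)
            printf '%s' '0>WAN<Echo Kitchen>192.168.50.157>0.0.0.0>WAN<Echo Familyroom>192.168.50.129>0.0.0.0>WAN' ;;
        *)  printf '' ;;
    esac
}

# Use the real nvram binary on the router, the stand-in everywhere else.
nvram_get() {
    if command -v nvram >/dev/null 2>&1; then nvram get "$1"; else fake_nvram_get "$1"; fi
}

# Concatenate vpn_client<unit>_clientlist, clientlist1 ... clientlist5 in order,
# byte for byte with nothing in between, so a record cut at a chunk boundary heals.
clientlist_joined() {
    unit=$1; joined=""
    for suffix in "" 1 2 3 4 5; do
        joined="$joined$(nvram_get "vpn_client${unit}_clientlist${suffix}")"
    done
    printf '%s' "$joined"
}

# Split "<name>src>dst>iface<name>..." into one "name|src|dst|iface" line per record.
parse_clientlist() {
    printf '%s' "$1" | tr '<' '\n' | sed '/^$/d' | awk -F'>' '{ print $1 "|" $2 "|" $3 "|" $4 }'
}

count_records() { parse_clientlist "$1" | wc -l | tr -d ' '; }

# Print the ip rule commands a routing script would run for this list.
# Assumed priority layout (the firmware's exact numbers are not in the thread):
# WAN exceptions get lower numbers than VPN rules, so a host-specific "WAN"
# entry is consulted before the whole-subnet "VPN" entry.
emit_ip_rules() {
    unit=$1
    wan_prio=$((10000 + 200 * (unit - 1)))
    vpn_prio=$((wan_prio + 100))
    parse_clientlist "$2" | while IFS='|' read -r name src dst iface; do
        to=""
        if [ -n "$dst" ] && [ "$dst" != "0.0.0.0" ]; then to=" to $dst"; fi
        case "$iface" in
            WAN) wan_prio=$((wan_prio + 1))
                 echo "ip rule add from $src$to table main priority $wan_prio" ;;
            VPN) vpn_prio=$((vpn_prio + 1))
                 echo "ip rule add from $src$to table ovpnc$unit priority $vpn_prio" ;;
            *)   # a record truncated by the chunk boundary has no WAN/VPN field
                 echo "skipping malformed record '$name' ($src>$dst>$iface)" >&2 ;;
        esac
    done
}

# Demo: first chunk only versus the reassembled list.
first=$(nvram_get vpn_client1_clientlist)
all=$(clientlist_joined 1)
echo "first chunk only: $(count_records "$first") records"
echo "all chunks:       $(count_records "$all") records"
emit_ip_rules 1 "$all"
```

The WAN rules deliberately get lower priority numbers than the whole-subnet VPN rule: `ip rule` is evaluated in ascending priority, so a per-host `table main` entry has to sort before the `192.168.50.0/24 ... table ovpnc1` entry or the exception never matches. A record cut off by the chunk boundary (the iPad entry when only chunk 0 is read) has no WAN/VPN field at all and is skipped with a warning rather than silently routed somewhere; a name containing `<` or `>` would corrupt the record format the same way, which is why the earlier advice to check the 7th client's name for special characters is worth following.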
 
